Complex Made Simple

A collage of cyber fright that businesses better fight

According to Cybersecurity Ventures, cybercrime costs are projected to reach $10.5 trillion by 2025 as levels of account takeover, new account fraud, and other types of fraud continue to rise.

  • Consolidating cybersecurity, backup, and disaster recovery services produces over $229k in savings
  • The Nobelium threat group behind last year's SolarWinds hack is still targeting the global IT supply chain
  • 40% of organizations have experienced a cloud-based data breach in the past 12 months

The following content should be cause for great concern. If it brings a fight-or-flight reaction, it had better be the former.

Trickbot banking

Discovered in 2016, Trickbot’s main functionality was online banking data theft. Kaspersky said that over its five years of activity, the malware has evolved and become multi-modular, with its activity ranging from data theft to the distribution of other malware (such as Ryuk ransomware).

The malware spreads over local networks using stolen credentials and vulnerabilities, provides remote access, proxies network traffic, performs brute-force attacks, and downloads other malware.

Backup for huge savings

Acronis, a global leader in cyber protection, announced new research by Vanson Bourne titled “MSPs Speak: Cybersecurity and the future role of the MSP,” showing that consolidating cybersecurity, backup, and disaster recovery services produces over $229k in savings and reduces breach recovery by 5 hours, on average.

Many MSPs (Managed Service Providers) have added tools to their technology stack, using an average of 4 vendors to provide cybersecurity, backup and/or disaster recovery (DR) services.

Grief Ransomware Group promoting attacks 

The Grief Ransomware gang, which recently made headlines for allegedly targeting the National Rifle Association (NRA), is now trying to amplify that news by creating dozens of fake Twitter accounts as a means of ‘promoting’ the attack to journalists and others on the platform.

According to Sam Riddell, associate analyst, Mandiant, “We’re now seeing, for the first time, financially-motivated actors using tactics traditionally employed by information operations actors used alongside a ransomware attack.”

While this tactic is new, Mandiant’s experts believe it’s par for the course and it was only a matter of time before this happened. 

According to Jeremy Kennelly, senior manager, financial crime analysis, Mandiant Threat Intelligence, “This is likely a new way for this group to exert additional pressure on its victims. We’ve seen constant shifts in the tactics used by financially-motivated threat actors to get their victims to pay, so from an evolutionary perspective, using this tactic makes perfect sense.”

Remote work: Supply chain attacks

In its annual Cyber Readiness Report, Acronis said that 53% of global companies have a false sense of security when it comes to supply chain attacks.

Important statistics to highlight from the report:

  • Instructing remote employees is still a top issue for 68% of companies in the UAE
  • 23% of employees in the UAE report receiving over 20 phishing emails per month
  • 5% of employees in the UAE purchased multiple new devices since the pandemic began
  • 3 out of 10 companies report facing a cyberattack at least once a day
  • Nearly half of IT managers (47%) are not using multi-factor authentication solutions

Threat predictions

McAfee Enterprise and FireEye released their report titled “2022 Threat Predictions,” in which they look at what enterprises face in 2022.  

McAfee Enterprise & FireEye 2022 Predictions:

  • Use of social media for targeted attacks. Targeting of individuals has proven a very successful channel, and this vector could only grow.
  • Nation-states turn to hackers for hire. In 2022, we will see many cases where a start-up company is formed, and a web of technology companies is directed and controlled by the countries’ intelligence ministries.
  • Rise of smaller affiliates. The Ransomware-as-a-Service (RaaS) ecosystem has evolved with the use of affiliates, middlemen and women who work with the developers for a share of the profits.
  • Game of ransomware thrones. In 2022, these self-reliant cybercrime groups will shift the balance of power within the RaaS eco-kingdom from those who control the ransomware to those who control the victim’s networks.  
  • API-based attacks. Recent statistics suggest that more than 80% of all internet traffic belongs to API-based services. 5G and IoT traffic between API services and apps will make them increasingly lucrative targets, causing unwanted exposure of information.  
  • Application containers. Containers have become the de-facto platform of modern cloud applications. In a recent IBM survey, 64% of adopters expected to containerize over 50% of existing and new business applications over the next two years. However, the accelerated use of containers increases the attack surface for an organization.  
  • Zero-Days. 2021 is already being touted as one of the worst years on record with respect to the volume of zero-day vulnerabilities exploited in the wild. In 2022, companies will have a renewed focus on reducing their “time to patch.”

SolarWinds warnings

Microsoft says the Russian-backed Nobelium threat group behind last year’s SolarWinds hack is still targeting the global IT supply chain, with 140 managed service providers (MSPs) and cloud service providers attacked and at least 14 breached since May 2021.

Saket Modi, Co-founder & CEO, Safe Security said: 

“Nobelium’s ongoing supply chain attacks show the importance of closing loopholes to trusted relationships that cause downstream impacts. Social engineering, cloud misconfigurations relating to unverified delegated administrative privileges, password sprays, API theft, and supply chain attacks are all threat actor techniques that businesses are actively monitoring, but in a siloed and disjointed fashion.”

He added: “NOBELIUM has been successful because organizations lack a single, enterprise-wide, and real-time cybersecurity view of what and where their vulnerabilities lie across people, technology, and third-party (supply chain). Organizations need to go beyond a questionnaire and outside-in approach only and have a cohesive inside-out, real-time risk analysis of third parties to get a better understanding of their risk posture and critical vulnerabilities.” 

Multifactor authentication

Kaspersky experts noticed increased activity from fraudsters stealing passwords by using special malware called Trojan-PSW, capable of gathering login and other account information for anything from gaming websites and streaming accounts to online banking.

It found the dynamics for the UAE worrisome: during January – September 2021, there were 46% more users attacked than in the same period of 2020.

The global total number of detections also increased compared to the previous year: from 24.8 million to 25.5 million.

“As statistics show, logins, passwords, payment details, and other personal data continue to be an attractive target for cybercriminals and they remain a popular commodity on the dark market. For this reason, we encourage internet users to take extra steps to protect their accounts, for example by using multifactor authentication methods,” commented Denis Parinov, a security expert at Kaspersky.

Cloud security

The 2021 Thales Global Cloud Security Study, commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence, reports that 40% of organizations have experienced a cloud-based data breach in the past 12 months.

Despite increasing cyber-attacks targeting data in the cloud, the vast majority (83%) of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cybercriminals can have.

According to the study, one-fifth (21%) of businesses host the majority of their sensitive data in the cloud, while 40% reported a breach in the last year.

Businesses share common concerns about the increasing complexity of cloud services. Almost half (46%) of global respondents claimed managing privacy and data protection in the cloud is more complex than on-premises solutions.

Attivo infographics

Attivo Networks, an innovative defense for protection against identity compromise, privilege escalation, and lateral movement attacks, looks back at 2021’s scary characters in the following infographics.